djblets.webapi.auth.backends.api_tokens¶
Authentication support for using API tokens.
This provides two classes needed for integrating API token support.
TokenAuthBackendMixin
must be subclassed or mixed into an
authentication backend and registered in
AUTHENTICATION_BACKENDS
.
WebAPITokenAuthBackend
must then be added to the API authentication
list at settings.WEB_API_AUTH_BACKENDS
.
-
class
TokenAuthBackendMixin
[source]¶ Bases:
object
Mixin for a standard auth backend for API token authentication.
This will handle authenticating users and their API tokens for API requests. It’s only used for API requests that specify a username and a token.
This class is meant to be subclassed and mixed in to another auth backend. Subclasses must define
api_token_model
.
-
class
WebAPITokenAuthBackend
[source]¶ Bases:
djblets.webapi.auth.backends.base.WebAPIAuthBackend
Authenticates users using their generated API token.
This will check the
HTTP_AUTHORIZATION
header for atoken <token>
value. If found, it will attempt to find the user that owns the token, and authenticate that user.-
get_credentials
(request)[source]¶ Return credentials for the token.
If the request is attempting to authenticate with a token, this will return a dictionary containing the token in a
token
key.Parameters: request (HttpRequest) – The HTTP request from the client. Returns: A dictionary containing the token in a token
key, if the client requested a token for authentication.Return type: dict
-
login_with_credentials
(request, **credentials)[source]¶ Log the user in with the given credentials.
This performs the standard authentication operations, and then stores some session state for any restrictions specified by the token.
Parameters: - request (HttpRequest) – The HTTP request from the client.
- credentials (dict) – The credentials data from the request.
Returns: See the return type in
WebAPIAuthBackend.authenticate()
.Return type: tuple or None
-